Strange problem with PHP and sessions

Question

So the basis of this page is I set a session value when the page loads, and clear it on any other page they visit. Then the page can make an ajax call to download a file. If the session value matches the value I pass through the URL I allow them to download the file. If not I return a 404 error. I was having some weird issues, so I removed the 404 and set it to echo out the values instead to see what I was getting. Here is the top of the code on the page:

$code = $this->_request->getParam('code');
    $confirm = $_SESSION['mp3_code'];
    echo $code."-1-".$confirm;
    if($code != $confirm)
        echo $code."-2-".$confirm;//header("HTTP/1.1 404 Not Found");
    else
    {

Here is what displays on the page from the ajax call 12723430-1-12723430-2-

As you can see when it echos out the first time they exist, then somehow after I compare them and it fails you see that it echos out blank values like they suddenly ceased to exist. Any ideas?

Answer 1

It is imperative that you make sure to call session_start at the top of any script using sessions. I think this may be the case here.

In your code, it's echoing $code and $confirm. But $confirm is an empty string since you are not actually retrieving the session data (why has yet to be determined), the condition will most of the time evaluate to TRUE.